[Bug 11281] New: FW: [FG-VD-18-127] VMware ESXi Command Injection Vulnerability Notification

bugzilla at busybox.net bugzilla at busybox.net
Wed Sep 5 21:22:25 UTC 2018


https://bugs.busybox.net/show_bug.cgi?id=11281

            Bug ID: 11281
           Summary: FW: [FG-VD-18-127] VMware ESXi Command Injection
                    Vulnerability Notification
           Product: Busybox
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: z.yang at hotmail.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

Hi,

I am forwarding this finding because the vulnerability seems exists in the
busybox. I’d like to confirm if it is a known issue.

I have tested it with busybox 1.28.1 (this is the latest binary I can find from
https://busybox.net/downloads/binaries/) and executed the PoC in a simplest
Linux at
https://bellard.org/jslinux/vm.html?url=https://bellard.org/jslinux/buildroot-x86.cfg
(From https://bellard.org/jslinux/index.html).

The details are encrypted with Denys’ public key
(https://busybox.net/~vda/vda_pubkey.gpg).

I've emailed to busybox at busybox.net, but no respond. So I created this bug.


Thanks for your time,
Zhouyuan

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list